faizan ahmed-cv
FAIZAN AHMED - CISA Certified, CRISC (Q), ISO 27001 (Q)
Address: Flat 403, Asad Apartment, Delhi Colony, Karachi.
Email:[email protected]
Cell: +923332862261
CAREER SUMMARY
An experienced IS/IT audit professional with a record of increasing & fulfilling responsibilities with more than 5 years of experience with two big 4 audit firms and a leading courier company for both internal and external IS/IT audits. I am a Certified Information System Auditor. Certificate # 16128188.
I am currently associated with KPMG Taseer Hadi & Co Pakistan. I am responsible as a Senior IS/IT Consultant in IT Advisory department.
Prior to joining KPMG I worked as a Senior Information Security Compliance Officer in TCS, Senior Associate II at EY Pakistan ISSA department and Associate II at KPMG Pakistan ITA department, where I had been involved in engagements relating to Information Systems Audit and IT Risk Assessment. I have also been involved in the execution of Information Systems Internal Audits/Financial Audit IT Support assignments.
PROFESSIONAL EXPERIENCE
My selective experience is depicted as follows:
KPMG Taseer Hadi & Co Jan 2016-Present
IT Advisory Consultant
Senior Associate II- Information Technology Advisory & Assurance
I am currently associated with KPMG Taseer Hadi & Co as a senior consultant. I am responsible for the
execution of IS/IT external and Internal audits and consultancy assignments.
I am currently working as a team lead on an advisory assignment at 1Link Guarantee Limited.
My job responsibilities involved the following
Identification of risks and recommendation of controls.
Review and Gap analysis of Policies and Procedures.
Planning audit procedures in response to identified controls and preparation of audit plan.
Review of IT General Controls.
Review of change management control like authorization, approvals, testing, monitoring and
segregation of incompatible duties.
Review of controls over logical access like privileged access management, user access
management, logical access management and segregation of duties.
Understanding and documenting of internal control environment
Reporting control weaknesses to the management in the form of internal audit reports and GAP
Reports.
Preparation of internal and client documentation (e.g. Planning Memos, Budget and Audit
reports).
I have gained professional work experience while working on following nature of assignments:
Performed application controls testing to ensure the Completeness, Accuracy, Validity and
Restricted Access of the transactions for the business critical applications
Review Of Business Continuity Planning
Review and GAP identification of Information Security policies and Procedures (based on ISO
27001, ITIL Framework)
TCS Pakistan Sep 2014-Jan 2016
Senior Information Security Compliance Officer
Responsibilities
I am responsible for the monitoring and compliance of ISO 27001 - ISMS.
Achievements: (Assist manager to conduct ISO 27001-2005 surveillance Audit, Conduct ISO 27001-2005
internal audit individually, conducted ISO 27001-2013 Transition Audit individually)
Security Tools experience: McAfee DLP, GFI LanGuard Patch Management, ManageEngine EventLog
Analyzer, Squid Proxy, Firewall.
My job responsibilities involved the following:
Assist in the development of information security policies across the TCS PrintShop.
Perform internal audits & vulnerability testing for the current IT infrastructure and suggest
appropriate controls on the basis of findings.
Provide technical leadership and guidance in the acquisition, design, development,
implementation and support of the various components of the security architectural framework
Log, investigate and document findings of information security incidents reported to IT
Compliance team
Perform security risk assessments and security exposure analysis of business applications and
databases.
Work directly with the Information Security Manager for risk assessment program in line with IT
security policies; recommend method and approaches for vulnerability detection and its
remediation
Ernst & Young Ford Rhodes Sidat Hyder Oct 2013-Sep 2014
Senior Associate Consultant - Information Systems Security Assurance
KPMG Taseer Hadi & Co May 2012-Sep 2013
Associate Consultant II- Information Technology Advisory & Assurance
Financial Audit IT Support Assignments at KPMG & EY
Client:
STATE BANK OF PAKISTAN
NATIONAL BANK OF PAKISTAN
SONERI BANK LTD
EFU LIFE ASSURANCE
EFU GENERAL INSURANCE
HBL ASSET MANAGEMENT
NATIONAL INVESTMENT TRUST LTD
PICIC ASSET MANAGEMENT
ORIX LEASING PAKISTAN
UBL FUND MANAGERS LTD
BSN MEDICAL LTD.
SECURITY PAPERS
TOTAL OIL PAKISTAN
DAWOOD YAMAHA MOTORCYCLES LTD
CONTINENTAL BISCUITS LTD
BELTEXCO LTD
Main project features:
My areas of expertise are:
IS/IT General Controls Review (Domain Controller, Active Directory, Hosting Operating Systems & Databases Security Review).
Information Systems Security Review.
IT Infrastructure Security Review.
Core Business & Modular Applications Security Review.
IT Governance & Compliance Review.
Review of Applications Transactions Flow/Controls.
Following are some examples of core business applications (ERP):
SAP
Oracle Financials E-Business Suite (EBS)
Electronic Banking System (EBS)
Globus (T24)
In-house developed applications and Modular applications / Utilities of core business.
Review of General Systems (Operating Systems, Applications and Databases) Security Settings.
Operating Systems:
Application System (AS)/400
LINUX, UNIX, AIX
Windows 2003, 2008 R-2 Servers
Internal Audit-Financial Audit IT Support Assignments
ICI PAKISTAN LTD
NATIONAL FOODS LTD
Identification, evaluation and validation of IT General Controls over the
program change, logical access and IT operations (backups, monitoring and
problem management) processes for financial applications, Operating
Systems and Databases.
IT Advisory Assignments
1Link Guarantee Ltd
SSGC Ltd
HBL Bank
Information Systems Audit assignment at 1Link as per SBP PSO PSPs guidelines.
IT Policies and Procedure review and Gap analysis as per ITIL V3 framework.
Security Review of Network devices (Firewalls, Switches and Routers) and databases (SQL, ORACLE, DB2) security and access controls review.
PROFESSIONAL CREDENTIALS
ISO 27001 Lead Auditor USA 2012
CRISC (Q) USA 2011
Certified Information System Auditor (CISA) USA 2010
EDUCATION
Bachelors in Commerce - University of Karachi, Pakistan 2008
1-Year Post Graduate Diploma in Information Systems 2014
PROFESSIONAL AFFILIATIONS
Member of Institute of Internal Auditors (IIA)
Member of Information Systems Audit and Control Association (ISACA, USA)
PROFESSIONAL DEVELOPMENT / ACHIEVEMENTS
IRCA Certified ISO 27001:2013-Internal Auditor Course
Achieved 1st position in CRISC Exam all over Pakistan.
IRCA Certified ISO 27001:2005-Lead Auditor Course passed with 73% score
EXTRA-CURRICULAR ACTIVITIES AND INTERESTS
My time away from work is spent on sports, watching movies and reading.
I enjoy playing cricket.
PERSONAL DETAILS
Date of birth: Sep-15-1987
Passport No: FP1165511
Nationality: Pakistani
Marital status: Married
REFERENCES
Will be provided upon request.